TinyWall icon indicating copy to clipboard operation
TinyWall copied to clipboard

Published 20 hours ago verified publisher icon pylorak

Troubleshooting Battle.net

Open chrisandrewca opened this issue 9 months ago • 5 comments

Hello, thank you for building and sharing this software. It rocks!

I'm having some trouble getting Battle.net to install.

Scenario: Install Battle.net w/ TinyWall in Disabled mode Works!

Scenario: Install Battle.net w/ Exclusions: Does not work! Image Image

I dug around with Process Explorer, Powershell, and some Python. A possible lead is: setHostname hangs in a core System32 networking DLL. However, Dnsclient, DHCP, and ICS services are all whitelisted.

If you're open to helping me resolve this issue I'm prepared to provide the necessary information and help dig deeper.

Thank you kindly, Chris

chrisandrewca avatar Mar 02 '25 04:03 chrisandrewca

I may have jumped the gun here. I thought disabling the firewall enabled Battle.net to succeed previously. That may not be the case. Closing for now. Thanks again!

chrisandrewca avatar Mar 02 '25 04:03 chrisandrewca

Hello! I'm reaching out again since I was able to validate this issue on my end, for my use case.

Working Scenario:

  1. Fresh Windows 11 install, updated
  2. Disable firewall
  3. Battle.net installs / World of Warcraft installs

Not-Working Scenario:

  1. Fresh Windows 11 install, updated
  2. White-list all Blizzard Entertainment .exe's using "Blocked Connections" information.
  3. White-list DHCP, DNS (which is white-listed by default)
  4. Battle.net fails to install completely / World of Warcraft fails to install

I'm not sure which of the SVCHOST's is related, if any, and based on their ports it looks like DNS and DHCP. But the thing is, those are white-listed, and I cannot pinpoint which actual service these are.

The closest info I have is a hang on a set/getHostname in a Win32 networking DLL (Battle.net), but it doesn't appear to be showing up directly.

I have also tried white-listing dhcp/dns services with the white-list service feature.

Image

Image

I would appreciate any help.

TinyWall is becoming central to my zero-knowledge workflow. I truly appreciate your efforts with this software.

chrisandrewca avatar Mar 03 '25 06:03 chrisandrewca

Check why TW is blocking access to port 53 of your router. Have you disabled 'Windows DNS Client' option from 'Special Exemptions' tab?

itsKV avatar Mar 16 '25 12:03 itsKV

Hey @itsKV preciate' the help.

I dug down a little further with ProcMon and ProcessExplorer.

It appears it comes down to: C:\Windows\system32\svchost.exe -k NetworkService -p

The issue being here: unable to identity (whitelist) the svchost.exe run by another user account, "NetworkService". I was able to validate this by:

  1. removing all whitelists (everything blocked)
  2. adding the appropriate battle.net installer whitelist
  3. adding "All Applications" whitelist - allowing UDP 53 out, UDP * in

The rule in point 3. should for sure for sure unblock this but no... it's due to "NetworkService" user profile via setHostname old Win32 API the battle.net installer is using.

Image

Image

Ask:

Is there a way to currently whitelist C:\Windows\system32\svchost.exe -k NetworkService -p? If not, I'd love to help add it. Can you point out the relevant code files? Just so I can plug in...let me know your thoughts.

Thanks, Chris

chrisandrewca avatar May 14 '25 21:05 chrisandrewca

Okay, interesting, but I can't explain yet why it wouldn't work. Even if running under a different user profile causes setHostname code to execute in NetworkService but without its service SID (but this is pure speculation), it would only prevent whitelisting from working if whitelisted as a service in TinyWall. If whitelisted as an executable, or due to an "All applications" rule, unblocking it should still work.

Is there a way to currently whitelist C:\Windows\system32\svchost.exe -k NetworkService -p? If not, I'd love to help add it.

There is no known issue with svchost.exe so it should work, in fact much of the basic network connectivity of any Windows computer relies on svchost being whitelisted correctly (which in TinyWall is done through the Special Exceptions). Since in general internet is working on your computer, I'd say svchost can be whitelisted. I'm sure "svchost.exe -k NetworkService -p" is some special case or behaves differently in yet some unknown way if that doesn't work. FYI, TinyWall doesn't even treat svchost differently than anything else (except during autolearn but you're not using that).

Can you point out the relevant code files? Just so I can plug in...let me know your thoughts.

The code files in TinyWall? Basically all the firewall logic is handled in TinyWallService.cs. Everything else is either helper classes or the GUI. More specifically, the call chain where firewall rule creation begins is the InstallFirewallRules() method, and the deepest part of that is the ConstructFilter(RuleDef r, LayerKeyEnum layer) function overload where specific filters for WFP (Windows Filtering Platform) are created. Firewall rule creation happens in two steps: First, exceptions defined in the GUI (FirewallExceptionV3) get translated into RuleDef instances within AssembleActiveRules()/GetRulesForException(), and then the above mentioned ConstructFilter() creates WFP rules based on the RuleDef objects.

pylorak avatar May 15 '25 08:05 pylorak